133 lines
3.9 KiB
Go
133 lines
3.9 KiB
Go
/*-
|
|
* Copyright 2014 Square Inc.
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
package josecipher
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/aes"
|
|
"encoding/hex"
|
|
"testing"
|
|
)
|
|
|
|
func TestAesKeyWrap(t *testing.T) {
|
|
// Test vectors from: http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
|
|
kek0, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
|
|
cek0, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
|
|
|
|
expected0, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
|
|
|
|
kek1, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F1011121314151617")
|
|
cek1, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
|
|
|
|
expected1, _ := hex.DecodeString("96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D")
|
|
|
|
kek2, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F")
|
|
cek2, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF0001020304050607")
|
|
|
|
expected2, _ := hex.DecodeString("A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1")
|
|
|
|
block0, _ := aes.NewCipher(kek0)
|
|
block1, _ := aes.NewCipher(kek1)
|
|
block2, _ := aes.NewCipher(kek2)
|
|
|
|
out0, _ := KeyWrap(block0, cek0)
|
|
out1, _ := KeyWrap(block1, cek1)
|
|
out2, _ := KeyWrap(block2, cek2)
|
|
|
|
if bytes.Compare(out0, expected0) != 0 {
|
|
t.Error("output 0 not as expected, got", out0, "wanted", expected0)
|
|
}
|
|
|
|
if bytes.Compare(out1, expected1) != 0 {
|
|
t.Error("output 1 not as expected, got", out1, "wanted", expected1)
|
|
}
|
|
|
|
if bytes.Compare(out2, expected2) != 0 {
|
|
t.Error("output 2 not as expected, got", out2, "wanted", expected2)
|
|
}
|
|
|
|
unwrap0, _ := KeyUnwrap(block0, out0)
|
|
unwrap1, _ := KeyUnwrap(block1, out1)
|
|
unwrap2, _ := KeyUnwrap(block2, out2)
|
|
|
|
if bytes.Compare(unwrap0, cek0) != 0 {
|
|
t.Error("key unwrap did not return original input, got", unwrap0, "wanted", cek0)
|
|
}
|
|
|
|
if bytes.Compare(unwrap1, cek1) != 0 {
|
|
t.Error("key unwrap did not return original input, got", unwrap1, "wanted", cek1)
|
|
}
|
|
|
|
if bytes.Compare(unwrap2, cek2) != 0 {
|
|
t.Error("key unwrap did not return original input, got", unwrap2, "wanted", cek2)
|
|
}
|
|
}
|
|
|
|
func TestAesKeyWrapInvalid(t *testing.T) {
|
|
kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
|
|
|
|
// Invalid unwrap input (bit flipped)
|
|
input0, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CFE5")
|
|
|
|
block, _ := aes.NewCipher(kek)
|
|
|
|
_, err := KeyUnwrap(block, input0)
|
|
if err == nil {
|
|
t.Error("key unwrap failed to detect invalid input")
|
|
}
|
|
|
|
// Invalid unwrap input (truncated)
|
|
input1, _ := hex.DecodeString("1EA68C1A8112B447AEF34BD8FB5A7B828D3E862371D2CF")
|
|
|
|
_, err = KeyUnwrap(block, input1)
|
|
if err == nil {
|
|
t.Error("key unwrap failed to detect truncated input")
|
|
}
|
|
|
|
// Invalid wrap input (not multiple of 8)
|
|
input2, _ := hex.DecodeString("0123456789ABCD")
|
|
|
|
_, err = KeyWrap(block, input2)
|
|
if err == nil {
|
|
t.Error("key wrap accepted invalid input")
|
|
}
|
|
|
|
}
|
|
|
|
func BenchmarkAesKeyWrap(b *testing.B) {
|
|
kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
|
|
key, _ := hex.DecodeString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")
|
|
|
|
block, _ := aes.NewCipher(kek)
|
|
|
|
b.ResetTimer()
|
|
for i := 0; i < b.N; i++ {
|
|
KeyWrap(block, key)
|
|
}
|
|
}
|
|
|
|
func BenchmarkAesKeyUnwrap(b *testing.B) {
|
|
kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
|
|
input, _ := hex.DecodeString("1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5")
|
|
|
|
block, _ := aes.NewCipher(kek)
|
|
|
|
b.ResetTimer()
|
|
for i := 0; i < b.N; i++ {
|
|
KeyUnwrap(block, input)
|
|
}
|
|
}
|